The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ruby | Ruby-lang | 1.8.7 (including) | 1.8.7 (including) |
| Red Hat Enterprise Linux 5 | RedHat | ruby-0:1.8.5-27.el5 | * |
| Red Hat Enterprise Linux 6 | RedHat | ruby-0:1.8.7.352-10.el6_4 | * |
| Ruby1.8 | Ubuntu | hardy | * |
| Ruby1.8 | Ubuntu | lucid | * |
| Ruby1.8 | Ubuntu | natty | * |
| Ruby1.8 | Ubuntu | oneiric | * |
| Ruby1.8 | Ubuntu | precise | * |
| Ruby1.8 | Ubuntu | quantal | * |
| Ruby1.8 | Ubuntu | upstream | * |
| Ruby1.9 | Ubuntu | hardy | * |
References
- http://rhn.redhat.com/errata/RHSA-2013-0129.html
- http://rhn.redhat.com/errata/RHSA-2013-0612.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:124
- http://www.openwall.com/lists/oss-security/2012/10/05/4
- https://bugzilla.redhat.com/show_bug.cgi?id=863484
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294
- http://rhn.redhat.com/errata/RHSA-2013-0129.html
- http://rhn.redhat.com/errata/RHSA-2013-0612.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:124
- http://www.openwall.com/lists/oss-security/2012/10/05/4
- https://bugzilla.redhat.com/show_bug.cgi?id=863484
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294